---
title: 'Enterprise SSO | Cypress Cloud'
description: 'Configure SSO with Okta, SAML, or Azure AD in Cypress for your Cloud organization.'
sidebar_label: Enterprise SSO
sidebar_position: 40
---

<ProductHeading product="cloud" plan="business" />

# Enterprise SSO

:::info

##### <Icon name="question-circle" color="#4BBFD2" /> What you'll learn

- How to enable Enterprise SSO for your organization
- How to configure SSO with Okta, SAML, or Azure AD

:::

## Getting Started

**You need two things to get started:**

- A Cypress Cloud account with a [Business or Enterprise paid pricing plans](https://www.cypress.io/pricing)
- You must be an **owner** of your Cypress Cloud organization.

## Enable SSO

1. Log in to [Cypress Cloud](https://cloud.cypess.io) and navigate to the **Integrations** page for your
   organization.
2. Scroll down to the **Enterprise SSO** section. Select your SSO provider and
   take note of the information provided and required. Keep this window open and
   continue to the
   [configuration instructions for your specific SSO provider](#SSO-Provider-Configuration)
   below.

## SSO Provider Configuration

Follow the instructions below for your specific SSO provider.

:::caution

<strong>Smart Card Authentication</strong>

For Smart Card implementation, please reach out to
support at support@cypress.io for assistance.

:::

- [Okta](#Okta)
- [SAML](#SAML)
- [Azure AD](#Azure-AD)

### **Okta**

Cypress Cloud can integrate with Okta via SAML. In addition to the documentation
below, refer to
[Okta's official documentation for setting up a new SAML application.](https://developer.okta.com/docs/guides/saml-application-setup/overview/)

1. Log into your Okta dashboard and head to the **Admin** section.
   <DocsImage
     src="/img/cloud/sso/okta-admin-cypress-sso-setup.png"
     alt="Okta Admin"
   />
1. Create a new SAML-based Web application.
   <DocsImage
     src="/img/cloud/sso/okta-add-application-step1-cypress-sso.png"
     alt="Create Okta SAML App"
   />
   <DocsImage
     src="/img/cloud/sso/okta-add-application-step3-cypress-sso.png"
     alt="Create Okta SAML App"
     width={600}
   />
1. Supply the following information requested in the Okta setup wizard:
   - **App name:** `Cypress Cloud`
   - **App logo:** [Cypress logo download](https://on.cypress.io/logo)
   - **Single sign on URL:** The URL provided in Cypress Cloud
   - **Audience URI:** The URI provided in Cypress Cloud
   - **Attribute statements:** Add the attribute statements described in Cypress
     Cloud
1. Click **Next** then select **I'm an Okta customer** and click **Finish**.
1. Click the **View Setup Instructions** button in the middle of the page.
   Cypress Cloud needs the information provided here:
   - Copy the Identity Provider Single sign-on URL to Cypress Cloud.
   - Download the certificate and upload that to Cypress Cloud.
1. Navigate to the **Assignments** tab and grant your users access to Cypress
   Cloud.
1. [Save Configuration](#Save-Configuration).

### **SAML**

Cypress Cloud can integrate with your identity provider via SAML. In addition to
the documentation below, refer to your provider's official documentation for
configuring a SAML integration.

<DocsImage src="/img/cloud/sso/enterprise-SSO-SAML.png" alt="SAML SSO" />

1. Log into the admin interface for your identity provider.
1. Work through the setup wizard supplying the information requested:
   - **App name:** `Cypress Cloud`
   - **App logo:** [Cypress logo download](https://on.cypress.io/logo)
   - **Single sign on URL:** Collect the URL provided by Cypress Cloud
   - **Audience URI:** Collect the URI provided by Cypress Cloud
   - Add a custom mapping of **AttributeStatements** with the following:
   - `User.Email`: User's email
   - `User.FirstName`: User's first name
   - `User.LastName`: User's last name
1. Collect the sign-on URL and certificate from your identity provider. Supply
   that to Cypress Cloud.
1. [Save Configuration](#Save-Configuration).

### **Azure AD**

Cypress Cloud can integrate with your identity provider via Azure AD. In
addition to the documentation below, refer to the Microsoft Guides for
[configuring an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).

1. Log into the Azure portal and create a new Application.
1. Work through the application setup, supplying the following information when
   requested:
   - **App name:** `Cypress Cloud`
   - **App logo:** [Cypress logo download](https://on.cypress.io/logo)
   - **Login URL:** Collect the URL provided by Cypress Cloud
1. Collect the `Client ID` for your application provided in the Application
   overview page.
1. Go to **Certificates and Secrets** in your Azure Application and create a new
   secret that does not expire. Copy this newly-created secret and paste it in
   the `Azure Client Secret` field in Cypress Cloud.
1. Under **API Permissions** in Azure AD, ensure the application has access to
   **User.Read** permissions
1. Enter the domain used for your Active Directory, as well as the list of SSO
   domains you wish to allow user to authenticate with, in Cypress Cloud. This
   is used for SSO discovery from the login screen.
1. [Save Configuration](#Save-Configuration).

## Save Configuration

Return to Cypress Cloud and click **Save Configuration**. Cypress Cloud will
attempt to authenticate.

🎉 Your integration is now complete! You can invite all of the users in your
organization to sign in through your SSO provider.

## Notes

- Once SSO is successfully set up, users will need to be invited via your SSO
  provider, as the Cypress Cloud invitation option will be disabled.
- All SSO Users are initially added with the
  [User Role](/cloud/account-management/users#User-roles) of Member. If a
  User needs different User Role permissions, this can be changed via Cypress
  Cloud by a current member with the role of Owner or Admin.
- SSO users are separate accounts from Google/GitHub or email/password users. If
  there are duplicate users, duplicates can be removed by any
  [Owner or Admin](/cloud/account-management/users#User-roles).
